Foothold
Interacting with the web application provided by the Docker VM, we notice it is running a WordPress instance.
The next step in our attack will be running the wpscan tool, looking for any low-hanging fruit and gathering as much information about the instance as possible.
Note
The wpscan tool is available on Kali and almost any other penetration-testing-focused distribution. The latest version can be pulled from https://github.com/wpscanteam/wpscan.
We can start our attack by issuing a wpscan command in the attack machine terminal. By default, passive detection will be enabled to look for ...